CISES SRL, with registered office in Via Valerio Flacco n. 10 – 35128 Padua, Italian Fiscal Code 076018019 and VAT registration number 0228800280, as data controller (later, we, us and our) informs according to Article 13 of General Data Protection Regulation (GDPR) EU 2016/679 that your personal data provided to, or collected by or for, when you visit or use our websites, will be processed in the manner and for the following purposes.
- Object of processing activities
CISES SRL collects information about you in two ways: directly from your input and through automated technologies:
- Contact details, such as your name and surname, e-mail address, postal address, phone number, institutional affiliation.
- Accounting informations, such as references payment (bank account, IBAN, credit card, etc.)
- Legal basis of the processing
The legal basis used for treating personal data are the following, according to the finalities set out in the next Article 3:
- Fulfill of contractual and pre-contractual obligations: we collect your personal data for service’s finalities as referred in Article 3.A. It is mandatory to provide your personal data for this purpose. We will not provide the service without these informations.
- Legal obligations: We shall also collect your personal data for dispute’s purposes referred to in article 3.B). It is mandatory to provide your personal data for this purpose, therefore we are obliged to comply in accordance with the applicable laws.
- Purpose of the processing
Your personal data are processed for the following purposes.
- A) Providing services: without your express consent for the following purposes:
– Provide, activate and manage your access to and use of our service;
– Fulfill pre-contractual, contractual and fiscal obbligations;
– Respond to your requests, inquiries, comments or concerns.
- B) In case of dispute: without your express consent for the following purposes:
– fulfill our obligation to you or where required by law, by regulation, by Community legislation or by an order of the Authority (such as for anti-money laundering);
– defend, to advance pretensions, to practice CISES’s rights, for instance the right of defense in judgement in your comparisons or of third parties.
- Operations of processing activities
Personal data processing is realized through the following operations: collection, recording, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subjected to both paper and electronic and /or automated processing (e.g. by electronic mail and other computerized tools).
We take precautions to safeguard your personal data against loss, theft, misuse and unauthorized access, disclosure, alteration and destruction through the use of appropriate technical and organizational measures.
Only duly authorised staff can treat your data during the carrying out of his/her own job.
- Data retention
CISES SRL retains your personal data for as long as necessary to provide the service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
CISES SRL will retain your personal data for the necessary time to carry out to the finalities as referred in Article 3.
For the purposes defined in Article 3.B) we could preserve personal data that we will reasonably hold necessary to treat for such ends, for the time that the legal claim can be pursued.
If the data processing is based on your consent, CISES SRL can retain personal data as long as the consent is not revoked, except the obligation to retain the data for a great period in compliance to an obligation of law or by an order of the Authority. At the end of this period of maintenance, personal data will be cancelled, therefore cannot be more practiced the access, rectification and cancellation right.
- Recipients and categories of recipients of personal data
Personal data may be made accessible for the purposes referred to in Article 3, in the following ways and contexts:
- CISES SRL employees and partner as entrusted, authorized, system administrators and/or internal managers of the processing;
- third party companies or other subjects (as indication credit institutions, professional and law firms, consultants, providers of postal, electronic mail and web services, professional associations, insurance companies, etc.) as well as those subjects to whom the communication of personal data is mandatory by law for the accomplishment of legal obligations.
Without the need for express consent, we may communicate your personal data to Supervisory Bodies, Judicial and Competent Authorities to whom the communication of personal data is mandatory by law for the accomplishment og legal obligations.
- Data transfer
Your personal data may be stored and processed by paper files and by servers located in the European Union.
- Nature of providing data and consequences of refusing to answer
The provision of personal data for the purposes referred to in art. 3.A) and 3.B) is mandatory. In their absence CISES SRL will non ensure the services referred to in article 3.A), as well as the defence in court proceedings referred to in article 3.B). You may decide not to provide any personal data or subsequently deny the possibility of processing personal data already provided. In this case, you will not be able to benefit from our services.
- Rights of the interested party and how to exercise rights
Under GDPR, in your capacity as an interested party, if conditions are met, you have the rights of:
- Request access and/or duplicates of your personal data retained, to be informed about processing activities, even if not yet registered;
- Request rectification or updating your personal data;
- Object to the processing of your personal data;
- Obtain the deletion of your personal data;
- Obtain the indication of the origin of personal data;
- Withdraw your consent to processing of your personal data at any time;
- Request personal data portability where applicable;
- Complain with a Data Protection Authority/Regulator (garanteprivacy.it).
You may exercise the rights referred to above, excluding some exception in order to protect the public interest (for example, crime prevention and/or identification). If you exercise one of the rights referred to above, it will be our burden verify you are legitimised to exercise it and give you a feedback usually within one month.
You may exercise the rights referred to above, pose any questions, make any complaints regarding your personal data by contact detail set out below.
- registered mail to CISES SRL, Via Valerio Flacco n. 10 – 35128 Padua, Italy.
- e-mail: firstname.lastname@example.org.